* website/docs: clarify LDAP group attribute mappings
Explain that LDAP source property mappings can be assigned to groups, add an example for copying a custom LDAP group attribute into authentik group attributes, and note how to decode JSON-encoded values.
Closes: https://github.com/goauthentik/authentik/issues/5874
* Update website/docs/users-sources/sources/protocols/ldap/index.md
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>
* Update website/docs/users-sources/sources/protocols/ldap/index.md
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>
---------
Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
The application might need a unique id for a group to uniquely identify it. It can help in various cases like detecting group renames and more.
We should document `group_uuid` field of the group object to make users aware that it can be used in custom property mappings.
Signed-off-by: Shiv Tyagi <67995771+shiv-tyagi@users.noreply.github.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
* rough draft
* more content, still drafty
* wow the Consent stage is interesting
* figured out consent policy binding
* more content
* tweak
* add steps to create Consent stage
* add to sidebar, more procedural content
* tested steps, more polish
* fixed mangled section
* work on user interface doc
* tweak to App paassword section
* tweaks about App passwords
* more mfa content
* tweaks
* website/docs/add-secure-apps/flows-stages/stages/consent/index.md
* fix link
* add info about recovery flow, tweaks
* removed/reworded talk of custom flows
* dominic edits
* rest of dominic's edits
* more excellent edits by dominic
* more dominc edits
* another edit
* more edits, restored unwanted files
* tweaks
* tweak to a preposition
* jens edits
* removed unrelated change to cspell file
* Apply suggestion from @BeryJu
Signed-off-by: Jens L. <jens@beryju.org>
* Jens edits
* two missed edits
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens L. <jens@goauthentik.io>
* Add note about caching
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
* Begin
* WIP
* WIP
* WIP
* Fix link
* Fix spellig and links
* Enterprise vs enterprise plus
* Changes based on Tana's comment
* Update website/docs/enterprise/enterprise-features.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/enterprise/enterprise-features.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/enterprise/enterprise-features.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/enterprise/enterprise-features.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Apply suggestions
* Apply suggestion from Eric
* Update doc title after discussion with Tana
* Fix links
* Update website/docs/enterprise/manage-enterprise.mdx
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/enterprise/manage-enterprise.mdx
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Apply suggestions
* US dollars
* Apply Fletcher's suggestions
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Update the GitHub social-login guide to consistently reference GitHub Developer Settings and correct provider wording.
Standardize GitHub capitalization across the page text and inline policy comments.
* Update permission name from 'Can view Admin interface' to 'Can access admin interface'
based on the current 2025.12 release
Signed-off-by: Kofl <thomas@kofler.tk>
* Fix other references to old permission name
---------
Signed-off-by: Kofl <thomas@kofler.tk>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
* Begin
* Add steps
* Apply suggestions
* Update website/docs/users-sources/sources/social-logins/okta/index.md
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Apply suggestion from @dominic-r
Signed-off-by: Dominic R <dominic@sdko.org>
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dominic R <dominic@sdko.org>
* first approach
* add cc and bcc support, better ui
* remove unnecessary data return
* add template support
* fix linting
* do the ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* display invite info in InvitationSendEmailForm.ts
* Select the invitation template by default
* Fix linting
* fix tests
* Add tests, clean code
* Add docs
* fix link
* Make the UI less disgusting
* Make the UI less disgusting
* Apply suggestions from code review
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
* small formatting fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Use writeToClipboard function, better wording for CC and BCC
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
* new first steps docs
* moved email config up to match Docker
* first draft
* moved sections and retitled some
* more content, tweaks
* dewis edits
* added Dewi ideas, more content, tweaks
* more content, green tips, other fixes
* Optimised images with calibre/image-actions
* Optimised images with calibre/image-actions
* Optimised images with calibre/image-actions
* conflicts?
* dominic's eedits, more content
* another fine Dominic edit
* more dewi and dominic edits, links
* a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* tweaks
* thanks Teffen
* new styles, more content
* few more dominic edits, tweaks
* formatting fights on tips
* fix some alignments
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* changes from Jens
* work on bindings docs that was needed for the first steps docs
* links, more tweaks
* more edits, more TODOs done
* add mermaid diagram, more links, more content
* fix sidebar, tweaks
* tweak
* more link fixing
* fix heading size
* more dewi and dominic edits
* more dewi and dominic edits
* teffen enhancements yay and more bindings rearchitecting
* added note about stage bindings being the only type of binding that you can bind to yeehaw
---------
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
* clean up roles and permissions
This was purposefully not included in `2025.12` to split the changes up.
The main content of this patch is in the migrations. Everything else
follows more or less automatically.
* add breaking change warning to release notes
* add `ak_groups` --> `groups` deprecated proxy
* fixup! add `ak_groups` --> `groups` deprecated proxy
* fixup! add `ak_groups` --> `groups` deprecated proxy
* fixup! add `ak_groups` --> `groups` deprecated proxy
* add configuration warning to default notifications blueprint
* add rudimentary tests for User.ak_groups
* remove no longer used permissions
* clarify deprecation
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
* remove integration changes
These will be included in a separate PR once this is released.
---------
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
* Updates m2m doc, add mention to proxy provider about finding logs, updates filename/links/redirects
* Apply suggestions from code review
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Prettier
* wip
* Removed section and changed some wording
* Add section
* Update website/docs/add-secure-apps/providers/proxy/index.md
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
* move imports
* core: add digraph group hierarchy
* move to permissions from Group or User to Role
* set group parents on frontend
* do not serialize `GroupParentageNode` directly
* core: enforce unique group name on database level
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use group parents in LDAP provider
* add user-role relationship control to frontend
* move materialized view to be more discoverable
* add guardian to mypy exceptions
* make `Role` a `ManagedModel`
* fixup! make `Role` a `ManagedModel`
* simplify `get_objects_for_user`
* fix flaky unit test
* rename `django-guardian` fork to `ak-guardian`
* add tests around users/groups/roles
* remove unused guardian config variable
* simplify guardian file structure
* clean up frontend
* initial docs
* remove `mode` from `InitialPermissions`
This is no longer needed, since users no longer directly have permissions.
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* clean up docs for managing permissions
* addendums from docs review
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* tweaks
* dewi and tana edits to docs
* tweak
* truly final tweaks, for now
* relabel Role Permissions table
* clarify button label
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* merge migrations
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
* Updates doc
* Fix links
* Typo
* Email link update
* Update website/docs/users-sources/user/user_basic_operations.md
Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
* Merge changes
* Optimised images with calibre/image-actions
* Optimised images with calibre/image-actions
* Remove tags from Entra docs
* Minor improvements
* Update website/docs/users-sources/sources/social-logins/entra-id/index.mdx
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Apply suggestion from @tanberry
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Apply suggestions
* Update website/docs/users-sources/sources/social-logins/plex/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/sources/social-logins/google/workspace/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/sources/social-logins/google/cloud/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/sources/social-logins/mailcow/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/sources/social-logins/twitch/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/sources/social-logins/entra-id/scim/index.mdx
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/sources/social-logins/twitter/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Apply suggestions
* Update website/docs/users-sources/sources/social-logins/google/cloud/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/sources/social-logins/google/index.mdx
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update website/docs/users-sources/sources/social-logins/google/cloud/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
